Channel: HAProxy community - Latest topics

Random Failover Issue between ADFS and ADFS STG Backends on HAProxy 2.8

Hello everyone,

I am encountering a peculiar issue with my HAProxy 2.8 setup on Ubuntu 24.04. I have two separate backends for ADFS: one for production (adfs) and one for staging (adfsstg). Both backends work fine individually, but I am experiencing random failover issues between them. When one backend is operational, the other intermittently returns a 503 “Service Unavailable” error, and vice versa.

HAProxy Configuration:

frontend https
  bind {{ip_virtual_keepalived1}}:443 ssl crt {{lmnwildcard_2023_2024}}
  mode http
  redirect scheme https if !{ ssl_fc }
  use_backend {{backend_passwordreset}} if { hdr(host) -i {{sitename_passwordreset}} }
  use_backend {{backend_adfs}} if { hdr(host) -i {{sitename_adfs}} }
  use_backend {{backend_adfsstg}} if { hdr(host) -i {{sitename_adfsstg}} }
  use_backend {{backend_tagetikprod}} if { hdr(host) -i {{sitename_tagetikprod}} }
  use_backend {{backend_tagetiktest}} if { hdr(host) -i {{sitename_tagetiktest}} }
  use_backend {{backend_jiratest}} if { hdr(host) -i {{sitename_jiratest}} }
  use_backend {{backend_confluencetest}} if { hdr(host) -i {{sitename_confluencetest}} }
  use_backend {{backend_jiraprod}} if { hdr(host) -i {{sitename_jiraprod}} }
  use_backend {{backend_confluenceprod}} if { hdr(host) -i {{sitename_confluenceprod}} }

Backend ADFS:

backend {{backend_adfs}}
  balance roundrobin
  mode http
  http-request deny if !{ src -f {{acl_offices}} } !{ src -f {{acl_external_adfs}} }
  acl red_adfs_prd path -i /
  acl domain_adfs_prd hdr(host) -i adfs.example.com
  redirect code 301 location https://adfs.example.com/adfs/ls/IdpInitiatedSignOn.aspx if domain_adfs_prd red_adfs_prd
  server {{name_adfs_server1}} {{ip_adfs_server1}}:{{port_adfs_server1}} ssl verify none check check-sni adfs.example.com sni ssl_fc_sni inter 3s rise 2 fall 3
  server {{name_adfs_server2}} {{ip_adfs_server2}}:{{port_adfs_server2}} ssl verify none check check-sni adfs.example.com sni ssl_fc_sni inter 3s rise 2 fall 3

Backend ADFS STG:

backend {{backend_adfsstg}}
  balance roundrobin
  mode http
  http-request deny if !{ src -f {{acl_offices}} }
  acl red_adfs_stg path -i /
  acl domain_adfs_stg hdr(host) -i adfsstg.example.com
  redirect code 301 location https://adfsstg.example.com/adfs/ls/IdpInitiatedSignOn.aspx if domain_adfs_stg red_adfs_stg
  server {{name_adfsstg_server1}} {{ip_adfsstg_server1}}:{{port_adfsstg_server1}} ssl verify none check check-sni adfsstg.example.com sni ssl_fc_sni inter 3s rise 2 fall 3
  server {{name_adfsstg_server2}} {{ip_adfsstg_server2}}:{{port_adfsstg_server2}} ssl verify none check check-sni adfsstg.example.com sni ssl_fc_sni inter 3s rise 2 fall 3

Issues Observed:

  1. When adfs is operational, adfsstg returns a 503 error and vice versa.
  2. The 503 error appears randomly and is not consistent.
  3. I have verified that SSL certificates and network configurations are correct.

I need assistance in identifying the cause of this erratic behavior. Are there any specific configurations I might have overlooked or known issues with the HAProxy version I am using?

Thank you in advance for your help!
